Fixes: #414
username-removed-35210 (c53b2c91) at 06 Oct 15:46
Protect against messages without a sender
... and 21 more commits
If a message has no From
header and no unixfrom sender, the senders
property will be an empty list and the message will be able to bypass the NonmemberModeration
rule in mailman.rules.moderation
. Apparently some spammers already know that :-/
Apparently the user has requested subscription to the list but not yet confirmed. An attempt to post produces
ERROR 2017-08-28 10:25:28,320 exception 5840 140080794515200 Internal Server Error: /mm3/archives/list/sfepy@python.org/message/new
Traceback (most recent call last):
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/Django-1.10.7-py2.7.egg/django/core/handlers/exception.py", line 42, in inner
response = get_response(request)
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/Django-1.10.7-py2.7.egg/django/core/handlers/base.py", line 249, in _legacy_get_response
response = self._get_response(request)
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/Django-1.10.7-py2.7.egg/django/core/handlers/base.py", line 187, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/Django-1.10.7-py2.7.egg/django/core/handlers/base.py", line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/Django-1.10.7-py2.7.egg/django/contrib/auth/decorators.py", line 23, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/HyperKitty-1.1.2-py2.7.egg/hyperkitty/lib/view_helpers.py", line 136, in inner
return func(request, *args, **kwargs)
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/HyperKitty-1.1.2-py2.7.egg/hyperkitty/views/message.py", line 219, in new_message
form.cleaned_data["message"], headers)
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/HyperKitty-1.1.2-py2.7.egg/hyperkitty/lib/posting.py", line 84, in post_to_list
mlist.name, request.user, sender, display_name)
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/HyperKitty-1.1.2-py2.7.egg/hyperkitty/lib/mailman.py", line 64, in subscribe
email, display_name, pre_verified=True, pre_confirmed=True)
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/mailmanclient-3.1.1-py2.7.egg/mailmanclient/_client.py", line 912, in subscribe
response, content = self._connection.call('members', data)
File "/opt/mailman/mailman-bundler/venv/lib/python2.7/site-packages/mailmanclient-3.1.1-py2.7.egg/mailmanclient/_client.py", line 113, in call
raise HTTPError(url, response.status, content, response, None)
HTTPError: HTTP Error 409: Subscription request already pending
and returns a 500 error to the user. This should report the actual problem to the user rather than the 500.
A wb crawler attempted the following GET
Sep/2017:12:05:02 +0000] "GET /archives/list/mailman-users@mailman3.org/export/mailman-users@mailman3.org-2017-09.mbox.gz?start=2017-09-01&end=2017-10-01/ HTTP/1.0" 500 27 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
which resulted in
ERROR 2017-09-03 12:05:02,241 exception 1422 140243765118784 Internal Server Error: /archives/list/mailman-users@mailman3.org/export/mailman-users@mailman3.org-2017-09.mbox.gz
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/Django-1.10.7-py2.7.egg/django/co
re/handlers/exception.py", line 42, in inner
response = get_response(request)
File "/usr/local/lib/python2.7/dist-packages/Django-1.10.7-py2.7.egg/django/core/handlers/base.py", line 249, in _legacy_get_response
response = self._get_response(request)
File "/usr/local/lib/python2.7/dist-packages/Django-1.10.7-py2.7.egg/django/core/handlers/base.py", line 187, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/local/lib/python2.7/dist-packages/Django-1.10.7-py2.7.egg/django/core/handlers/base.py", line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python2.7/dist-packages/HyperKitty-1.1.2-py2.7.egg/hyperkitty/lib/view_helpers.py", line 136, in inner
return func(request, *args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/HyperKitty-1.1.2-py2.7.egg/hyperkitty/views/mlist.py", line 312, in export_mbox
request.GET["end"], "%Y-%m-%d")
File "/usr/lib/python2.7/_strptime.py", line 328, in _strptime
data_string[found.end():])
ValueError: unconverted data remains: /
because of the web crawler's appending a slash to the URL. I don't really mind the web crawler getting a 500 in this case, but it's annoying to see the errors in logs and figure out what happened.
username-removed-35210 (2cdda1f3) at 28 Sep 20:35
Protect export_mbox against malformed URLs
... and 2 more commits
The MANIFEST.in
file still includes COPYING.LESSER
but the license file is now LICENSE
, please update.
There is also a cron job that syncs this setting periodically. Until there's a way for external apps to subscribe to Mailman signals (which should have been made possible by recent commits by the way), that's the best I could do.
It would be useful to have a page that lists all thread tags, and one that shows tags in a specific mailing-list only.
There's a typo in this file: https://gitlab.com/mailman/postorius/blob/master/src/postorius/templates/postorius/lists/summary.html#L89
It says: If you wish to to so, please use the form below
. It should be to do so
.
username-removed-35210 (60122ec3) at 05 Sep 13:36
username-removed-35210 (accc4f1a) at 05 Sep 13:35
username-removed-35210 (36d114b3) at 05 Sep 13:35
That's interesting, it should not arrive to that point. What is the subscription_policy
for this list?
username-removed-35210 (c9bc7cb9) at 05 Sep 08:23
username-removed-35210 (c602770e) at 29 Aug 14:42
Reject invalid sender addresses in LMTP
... and 207 more commits
This is strange, is the Django Q cluster running? Can you run django-admin qinfo
and tell me if there are queued tasks?
username-removed-35210 (a91f7421) at 14 Aug 08:16
Update the mailman doc link
... and 2 more commits
@eloquence What database engine are you using? I tried this command on PostgreSQL and on SQLite and it worked on both engines.
username-removed-35210 (2856d8de) at 11 Aug 09:29
Register the flatpages URLs
... and 5 more commits